July 3, 2020

The transparent society

kew-Palm House pond.JPGI realize I cheated. The question was complex: assume a pre-defined character ("Rural Rain") and decide how she would have handled an ethical dilemma involving a portfolio and a bank that appeared to be profiting from shady Middle East arms deals. I said she'd do nothing for now and do more research.

In other words, *I* didn't want to decide. I plead that I've never LARPed before, and my character could be a procrastinator, but that, too, is a cheat. Any fiction writer has to make decisions like these all the time. If you want to write that novel, this is practice. And I failed.

The LARP in this case was a fictional focus group organized by Ruth Catlow as part of real UCL research studying how attitudes to data transparency and consumer ethics are shifting. Recursion 'r' us. The UCL project, Glass Houses, has already produced an umber of papers on subjects like banks and cryptocurrencies, and privacy, transparency, and the blockchain, which is often being mentioned as a method for ensuring privacy and transparency.

The thought process that led to our fictional focus group began with Sarah Meiklejohn, who specializes in cryptocurrencies, and observed that even though Zcash supports anonymity, most users don't take advantage of it (PDF), even though there's no particular social pressure to deter them. Lacking the ability to talk to Zcash users themselves, the researchers developed this exercise to explore why and how people care about transparency and how they might think about changing their behavior based on life experiences or arguments presented to them.

So: the fictitious company True Insight, founded 2013 to use data-based emerging technology and design methodologies to find novel solutions, presented us each with a dilemma involving either finance or food and asked us to make a decision. In breakout groups (by topic), we discussed those decisions. Then we were asked to imagine our lives in 2030, taking into account the consequences of those decisions.

My character's dilemma was whether to move her savings account, which was held by a new online bank, chosen for its flexibility and competitive interest rate. Unfortunately, she had now discovered that 90% of the bank's investments were linked with major arms and military contractors operating in the Middle East and the Gulf. Should she move her account? This is where I felt someone who had just lost her earning power - my character was described as a newly retired care home worker who had finished secondary school - would be slow and cautious. What are her alternatives?

I have to applaud the creativity of the others in the group. Mr Fintech, who in 2020 was the bank's head and was trying to control the PR fallout, had abandoned his wife and children, moved to Thailand, and remarried. Now, he said, he had left the industry and was leading a group "hacking the blockchain". Another's assigned 2020 character was a fellow customer who decided with her partner to move their account for ethical reasons even though it meant denting their aspirations to have children and buy a house. By 2030, she said, the new radical transparency had exposed things her partner had hidden, and they'd split up. "I should have known when he wanted to name our child 'Elon'," she said sadly. Her job had disappeared, and with it her dreams. She was just trying to get by.

My character's description said she liked to read the news. I decided she would conveniently also like to read, now she had time, and would continue to educate herself, including reading books about banking, investment, the Middle East, and the arms trade. I thought she'd be more shocked at the bank's incompetence in failing to spot that it was investing in front for an arms dealer than by its ethical failure. Her 2030, in my imagining, was not much different from her 2020: she'd remain in her small town apartment, carefully managing her resources. A cell of the radical transparency movement that another character mentioned arrived early in her town, and what began as a movement to force ethics on companies and their supply chains had been turned on individuals. In her case, the local group had discovered that a workman replacing her toilet had eaten lunch at a disapproved pub and blamed her for not having prevented this.

Mr Fintech suggested my character should VPN herself thoroughly. Instead, I thought she'd opt for physical world interactions as much as possible because people behave differently when they actually know you. Interestingly, the now-single struggler reported a similar approach. She no longer had "the luxury" to embrace ethical choices, but her area's inability to depend on government was leading them to use barter, trade off the books, and create local currencies.

In 1998, privacy advocates were outraged by David Brin's book The Transparent Society, which argued for radical openness (an idea whose time is apparently trying to come). At the Computers, Freedom, and Privacy conference, I remember him saying that privacy laws protected only the rich and powerful. I never believed that. This exercise showed me, to my surprise, that I apparently do believe that transparency laws could be abused the same way and for the same reason: we live in a society that is judgmental and unforgiving about small infractions. Like so much else, transparency is a tool, not a solution.

Illustrations: The Palm House at Kew (via Kew Gardens).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

June 26, 2020

Mysticism: curmudgeon

Carole_Cadwalladr_2019.jpg"Not voting, or not for us?" the energetic doorstep canvasser asked when I started closing the door as soon as I saw her last November. "Neither," I said. "I just don't want to have the conversation." She nodded and moved on. That's the only canvasser I've seen in years. Either they have me written down as a pointless curmudgeon or they (like so many others) don't notice my very small street.

One of the open questions of the three years since Carole Cadwalladr broke the Cambridge Analytica story is how much impact data profiling had on the 2016 EU referendum vote and US presidential election. We know that thousands of ads were viewed millions of times and aimed at promoting division and that they were precisely targeted. But did they make the crucial difference?

We'll never really know. For its new report, Who Do They Think We Are?, the Open Rights Group set out to explore a piece of this question by establishing what data the British political parties hold on UK voters and where they get it. This week, Pascal Crowe, who leads the data and democracy project, presented the results to date.

You can still participate via tools to facilitate subject access requests and analyze the results. The report is based on the results of SARs submitted by 496 self-selected people, 344 of whom opted into sharing their results with ORG. The ability to do this derives from changes brought in by the General Data Protection Regulation, which eliminated the fees, shrank the response time to 30 days, removed the "in writing" requirement, and widened the range of information organizations were required to supply.

ORG's main findings from the three parties from which it received significant results:

- Labour has compiled up to 100 pages of data per individual, broken down into over 80 categories from sources including commercial suppliers, the electoral register, data calculated in-house, and the subjects themselves. The data included estimates of how long someone had lived at their address, their income, number of children, and scores on issues such as staying in the EU, supporting the Scottish National Party, and switching to vote for another party. Even though participants submitted identification along with their request, they all were asked again for further documentation. None received a response within the statutory time limit.

- The Lib Dems referred ORG to their privacy policy for details of their sources; the data was predominantly from the electoral rolls and includes fields indicating the estimated number of different families in a home, the likelihood that they favored remaining I the EU, or were a "soft Tory". The LibDems outsource some of their processing to CACI.

- The Conservatives also use the electoral rolls and buy data from Experian, but outsource a lot of profiling to the political consultancy Hanbury Strategy. Their profiles include estimates of how long someone has lived at their current address, number of children, age, employment status, income, educational level, preferred newspaper, and first language. Plus "mysticism", an attempt to guess the individual's religion.

There are three separate issues here. The first is whether the political parties have the legal right to engage in this extensive political profiling. The second is whether voters find the practice acceptable or disquieting. The third is the one we began with: does it work to deliver election results?

Regarding the first, there's no question that these profiles contain personal and sensitive data. ORG is doubtful about the parties' claim that "democratic engagement" provides a legal basis, and recommends three remedies: the Information Commissioner's Office should provide guidance and enforcement; the UK should implement the collective redress provision in GDPR that would allow groups like ORG to represent the interests of an ill-informed public; and the political parties should move to a consent-based opt-in model.

More interesting, ORG found that people simply did not recognize themselves in the profiles the parties collected, which were full of errors - even information as basic as gender and age. Under data protection law, correcting such errors is a fundamental right, but the bigger question is how all this data is helping the parties if it's so badly wrong (and whether we should be more scared if it were accurate). For this reason, Crowe suggested the parties would be better served by returning to the traditional method of knocking on every door, not just the doors of those the parties think already agree with them. The data they collected in such an exercise would be right - and consent would be unambiguous. My canvasser, even after five seconds, knows more about me than a pile of data does.

For the third question, this future was predicted: in 2011, Jeff Chester worried greatly about the potential of profiling to enable political manipulation. Even before that, it was the long-running theme inside the TV series Mad Men that pits advertising as persuasion and emotional engagement (the Don Draper or knocking-on-doors approach) or as a numbers game in you just need media space targeted at exactly the right selection of buyers (the Harry Crane and Facebook/Google approach). Draper, who ruled the TV show's 1960s, has lost ground to the numbers guys ever since, culminating in Facebook, which allows the most precise audience targeting we've ever known. Today, he'd be 94 and struggling to convince 20-somethings addicted to data-wrangling that he still knows how to sell things.

Illustrations: Carole Cadwalladr (via MollyMEP at Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.